Merge branch 'ps/build-sign-compare'

Last-minute fix for a regression in "git blame --abbrev=<length>"
when insane <length> is specified; we used to correctly cap it to
the hash output length but broke it during the cycle.

* ps/build-sign-compare:
  builtin/blame: fix out-of-bounds write with blank boundary commits
  builtin/blame: fix out-of-bounds read with excessive `--abbrev`
Junio C Hamano 2025-01-10 09:19:33 -08:00
commit b28fb93e51
2 changed files with 31 additions and 4 deletions


@ -489,9 +489,9 @@ static void emit_other(struct blame_scoreboard *sb, struct blame_entry *ent, int
fputs(color, stdout);
if (suspect->commit->object.flags & UNINTERESTING) {
if (blank_boundary)
memset(hex, ' ', length);
else if (!(opt & OUTPUT_ANNOTATE_COMPAT)) {
if (blank_boundary) {
memset(hex, ' ', strlen(hex));
} else if (!(opt & OUTPUT_ANNOTATE_COMPAT)) {
length--;
putchar('^');
}
@ -505,7 +505,8 @@ static void emit_other(struct blame_scoreboard *sb, struct blame_entry *ent, int
length--;
putchar('?');
}
fwrite(hex, 1, length, stdout);
printf("%.*s", (int)(length < GIT_MAX_HEXSZ ? length : GIT_MAX_HEXSZ), hex);
if (opt & OUTPUT_ANNOTATE_COMPAT) {
const char *name;
if (opt & OUTPUT_SHOW_EMAIL)
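Review bot: Both new lines in emit_other() are only safe because `hex` is NUL-terminated, and nothing in the code says so. `memset(hex, ' ', strlen(hex))` blanks exactly the formatted hash, and in the capped print it is the terminator, not the `GIT_MAX_HEXSZ` ceiling, that stops `%.*s` at the real hash length when the repository's hash is shorter than the maximum; the ceiling presumably exists only to keep the `(int)` cast in range. I would add above the printf `/* hex is NUL-terminated, so %.*s stops at the hash length; the cap only keeps the precision within int */`. The cast also suggests `length` is unsigned, in which case the `length--` in the `^` and `?` branches would wrap for a zero length and then be capped to the full hash; the declaration and the start of the function are outside these hunks, so that needs checking there.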


@ -126,6 +126,32 @@ test_expect_success '--no-abbrev works like --abbrev with full length' '
check_abbrev $hexsz --no-abbrev
'
test_expect_success 'blame --abbrev gets truncated' '
check_abbrev $hexsz --abbrev=9000 HEAD
'
test_expect_success 'blame --abbrev gets truncated with boundary commit' '
check_abbrev $hexsz --abbrev=9000 ^HEAD
'
test_expect_success 'blame --abbrev -b truncates the blank boundary' '
# Note that `--abbrev=` always gets incremented by 1, which is why we
# expect 11 leading spaces and not 10.
cat >expect <<-EOF &&
$(printf "%0.s " $(test_seq 11)) (<author@example.com> 2005-04-07 15:45:13 -0700 1) abbrev
EOF
git blame -b --abbrev=10 ^HEAD -- abbrev.t >actual &&
test_cmp expect actual
'
test_expect_success 'blame with excessive --abbrev and -b culls to hash length' '
cat >expect <<-EOF &&
$(printf "%0.s " $(test_seq $hexsz)) (<author@example.com> 2005-04-07 15:45:13 -0700 1) abbrev
EOF
git blame -b --abbrev=9000 ^HEAD -- abbrev.t >actual &&
test_cmp expect actual
'
test_expect_success '--exclude-promisor-objects does not BUG-crash' '
test_must_fail git blame --exclude-promisor-objects one
'